Your security team needs to implement a defense-in-depth strategy for a sensitive Cloud Storage bucket in Project A with these requirements:

The bucket must only be readable from Project B.

The bucket must not be accessible from outside the VPC network.

Data in the bucket must be prevented from being copied to an external Cloud Storage bucket.

What steps should the security team take?

Exam-Like

Enable domain restricted sharing in an organization policy, and enable uniform bucket-level access on the Cloud Storage bucket.

Enable VPC Service Controls, create a perimeter around Projects A and B, and include the Cloud Storage API in the Service Perimeter configuration.

Enable Private Access in both Project A and B's networks with strict firewall rules that allow communication between the networks.

Enable VPC Peering between Project A and B's networks with strict firewall rules that allow communication between the networks.

Google Professional Cloud Security Engineer